{"service":"scrimed-release-evidence-promotion-queue","status":"release-evidence-promotion-queue-active-human-gated","route":"/release-continuity#release-evidence-promotion","apiRoute":"/api/release-continuity/evidence-promotion","briefRoute":"/api/release-continuity/evidence-promotion/brief","sourceLedgerStatus":"release-evidence-ledger-active-no-secret","generatedAt":"static-no-secret-release-promotion","noPhiConfirmed":true,"tokenMaterialCaptured":false,"productionApproval":false,"buyerDistributionAuthority":"protected-buyer-diligence-only-after-review","externalDistributionAuthority":"not-authorized","publicClaimAuthority":"not-authorized-public-claim","queueCount":10,"shareableNoSecretCount":7,"operatorProofRequiredCount":2,"externalReviewRequiredCount":1,"blockedProductionClaimCount":8,"queue":[{"id":"promotion-generated-integrity","sourceEntryId":"generated-integrity","label":"Generated workspace integrity","lane":"buyer-diligence-candidate","status":"shareable-no-secret-metadata","sourceEvidenceHash":"release-evidence-207fc4a3","targetPacket":"buyer diligence no-secret release evidence packet","targetRoute":"/api/pilot-workspaces/{workspaceSlug}/buyer-room/packet","allowedAudience":["internal team","investor diligence","buyer diligence under no-secret boundary"],"requiredApprovals":["release steward","claim guard reviewer before external copy expansion"],"shareableFields":["entry id","label","command name","status","evidence type","source surface","artifact route","deterministic evidence hash","safe use cases","blocked claims","human-review requirement","replay instruction","next action"],"withheldMaterial":["bearer tokens","JWTs","refresh tokens","Supabase keys","service-role keys","passwords","PHI","patient identifiers","raw logs","customer data","production connector payloads","clinical conclusions","legal opinions","security certification reports"],"blocker":"No production blocker for metadata-only buyer diligence use; public claims still require review.","nextAction":"Keep generated cache cleanup in prebuild and pretypecheck.","safetyBoundary":"Integrity evidence contains source-shape metadata only and must not include secrets, PHI, raw logs, or customer data."},{"id":"promotion-nonsecret-regression-suite","sourceEntryId":"nonsecret-regression-suite","label":"Nonsecret regression suite","lane":"buyer-diligence-candidate","status":"shareable-no-secret-metadata","sourceEvidenceHash":"release-evidence-2d7a7b80","targetPacket":"buyer diligence no-secret release evidence packet","targetRoute":"/api/pilot-workspaces/{workspaceSlug}/buyer-room/packet","allowedAudience":["internal team","investor diligence","buyer diligence under no-secret boundary"],"requiredApprovals":["release steward","claim guard reviewer before external copy expansion"],"shareableFields":["entry id","label","command name","status","evidence type","source surface","artifact route","deterministic evidence hash","safe use cases","blocked claims","human-review requirement","replay instruction","next action"],"withheldMaterial":["bearer tokens","JWTs","refresh tokens","Supabase keys","service-role keys","passwords","PHI","patient identifiers","raw logs","customer data","production connector payloads","clinical conclusions","legal opinions","security certification reports"],"blocker":"No production blocker for metadata-only buyer diligence use; public claims still require review.","nextAction":"Promote failures to release blockers until the source contract is restored.","safetyBoundary":"Nonsecret regression evidence must run with bearer-token, sales QA token, and Supabase session environment cleared."},{"id":"promotion-typecheck-lint-build","sourceEntryId":"typecheck-lint-build","label":"Typecheck, lint, and production build","lane":"buyer-diligence-candidate","status":"shareable-no-secret-metadata","sourceEvidenceHash":"release-evidence-22f9f705","targetPacket":"buyer diligence no-secret release evidence packet","targetRoute":"/api/pilot-workspaces/{workspaceSlug}/buyer-room/packet","allowedAudience":["internal team","investor diligence","buyer diligence under no-secret boundary"],"requiredApprovals":["release steward","claim guard reviewer before external copy expansion"],"shareableFields":["entry id","label","command name","status","evidence type","source surface","artifact route","deterministic evidence hash","safe use cases","blocked claims","human-review requirement","replay instruction","next action"],"withheldMaterial":["bearer tokens","JWTs","refresh tokens","Supabase keys","service-role keys","passwords","PHI","patient identifiers","raw logs","customer data","production connector payloads","clinical conclusions","legal opinions","security certification reports"],"blocker":"No production blocker for metadata-only buyer diligence use; public claims still require review.","nextAction":"Keep nonzero build, typecheck, or lint results as hard release blockers.","safetyBoundary":"Build evidence can mention known local SWC fallback warnings, but must not include secrets, tokens, PHI, or customer payloads."},{"id":"promotion-clinical-robustness-lab-contract","sourceEntryId":"clinical-robustness-lab-contract","label":"Clinical Robustness Lab contract","lane":"buyer-diligence-candidate","status":"shareable-no-secret-metadata","sourceEvidenceHash":"release-evidence-acbcab0e","targetPacket":"buyer diligence no-secret release evidence packet","targetRoute":"/api/pilot-workspaces/{workspaceSlug}/buyer-room/packet","allowedAudience":["internal team","investor diligence","buyer diligence under no-secret boundary"],"requiredApprovals":["release steward","claim guard reviewer before external copy expansion"],"shareableFields":["entry id","label","command name","status","evidence type","source surface","artifact route","deterministic evidence hash","safe use cases","blocked claims","human-review requirement","replay instruction","next action"],"withheldMaterial":["bearer tokens","JWTs","refresh tokens","Supabase keys","service-role keys","passwords","PHI","patient identifiers","raw logs","customer data","production connector payloads","clinical conclusions","legal opinions","security certification reports"],"blocker":"No production blocker for metadata-only buyer diligence use; public claims still require review.","nextAction":"Escalate clinical score changes to human review before external claims expand.","safetyBoundary":"Clinical robustness evidence is synthetic/demo use only and is not clinical validation, diagnosis, treatment, prescribing, or live patient-care authority."},{"id":"promotion-execution-attempt-durable-store-contract","sourceEntryId":"execution-attempt-durable-store-contract","label":"Execution Attempt Durable Store contract","lane":"buyer-diligence-candidate","status":"shareable-no-secret-metadata","sourceEvidenceHash":"release-evidence-a39ec62e","targetPacket":"buyer diligence no-secret release evidence packet","targetRoute":"/api/pilot-workspaces/{workspaceSlug}/buyer-room/packet","allowedAudience":["internal team","investor diligence","buyer diligence under no-secret boundary"],"requiredApprovals":["release steward","claim guard reviewer before external copy expansion"],"shareableFields":["entry id","label","command name","status","evidence type","source surface","artifact route","deterministic evidence hash","safe use cases","blocked claims","human-review requirement","replay instruction","next action"],"withheldMaterial":["bearer tokens","JWTs","refresh tokens","Supabase keys","service-role keys","passwords","PHI","patient identifiers","raw logs","customer data","production connector payloads","clinical conclusions","legal opinions","security certification reports"],"blocker":"No production blocker for metadata-only buyer diligence use; public claims still require review.","nextAction":"Run strict AAL2 smoke only with a fresh authorized human token.","safetyBoundary":"Durable-store contract evidence proves source controls and fail-closed posture only; protected writes still require AAL2 and target enablement."},{"id":"promotion-compute-fabric-migration-preflight","sourceEntryId":"compute-fabric-migration-preflight","label":"Compute Fabric durable-store migration preflight","lane":"buyer-diligence-candidate","status":"shareable-no-secret-metadata","sourceEvidenceHash":"release-evidence-e715f634","targetPacket":"buyer diligence no-secret release evidence packet","targetRoute":"/api/pilot-workspaces/{workspaceSlug}/buyer-room/packet","allowedAudience":["internal team","investor diligence","buyer diligence under no-secret boundary"],"requiredApprovals":["release steward","claim guard reviewer before external copy expansion"],"shareableFields":["entry id","label","command name","status","evidence type","source surface","artifact route","deterministic evidence hash","safe use cases","blocked claims","human-review requirement","replay instruction","next action"],"withheldMaterial":["bearer tokens","JWTs","refresh tokens","Supabase keys","service-role keys","passwords","PHI","patient identifiers","raw logs","customer data","production connector payloads","clinical conclusions","legal opinions","security certification reports"],"blocker":"No production blocker for metadata-only buyer diligence use; public claims still require review.","nextAction":"Keep status compute-fabric-migration-preflight-ready-no-secret until target migration history and strict AAL2 smoke are verified.","safetyBoundary":"Compute Fabric migration preflight evidence proves source controls, trigger guards, projection fields, rollback plan, and no-live-model-call posture only; it does not apply migrations or prove live Supabase state."},{"id":"promotion-aal2-smoke-readiness-preflight","sourceEntryId":"aal2-smoke-readiness-preflight","label":"AAL2 smoke readiness preflight","lane":"buyer-diligence-candidate","status":"shareable-no-secret-metadata","sourceEvidenceHash":"release-evidence-4ead6ebf","targetPacket":"buyer diligence no-secret release evidence packet","targetRoute":"/api/pilot-workspaces/{workspaceSlug}/buyer-room/packet","allowedAudience":["internal team","investor diligence","buyer diligence under no-secret boundary"],"requiredApprovals":["release steward","claim guard reviewer before external copy expansion"],"shareableFields":["entry id","label","command name","status","evidence type","source surface","artifact route","deterministic evidence hash","safe use cases","blocked claims","human-review requirement","replay instruction","next action"],"withheldMaterial":["bearer tokens","JWTs","refresh tokens","Supabase keys","service-role keys","passwords","PHI","patient identifiers","raw logs","customer data","production connector payloads","clinical conclusions","legal opinions","security certification reports"],"blocker":"No production blocker for metadata-only buyer diligence use; public claims still require review.","nextAction":"Supply a fresh authorized tenant-admin, pilot-lead, or reviewer AAL2 token only for strict smoke.","safetyBoundary":"SCRIMED AAL2 Smoke Readiness is a no-secret operator preflight for synthetic AAL2 durable-store and stored-vector RPC smoke tests. It does not mint, expose, retain, validate, or bypass bearer tokens; protected APIs remain the source of truth for role, AAL2, feature flag, tenant, and RLS verification."},{"id":"promotion-strict-aal2-durable-store-smoke","sourceEntryId":"strict-aal2-durable-store-smoke","label":"Strict AAL2 durable-store smoke","lane":"protected-operator-proof-required","status":"blocked-until-retained-aal2-proof","sourceEvidenceHash":"release-evidence-15bc543c","targetPacket":"protected retained AAL2 operator proof packet","targetRoute":"/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets","allowedAudience":["internal release operators","approved AAL2 reviewers"],"requiredApprovals":["approved tenant-admin/pilot-lead/reviewer AAL2 operator","release steward"],"shareableFields":["entry id","label","command name","status","evidence type","source surface","artifact route","deterministic evidence hash","safe use cases","blocked claims","human-review requirement","replay instruction","next action"],"withheldMaterial":["bearer tokens","JWTs","refresh tokens","Supabase keys","service-role keys","passwords","PHI","patient identifiers","raw logs","customer data","production connector payloads","clinical conclusions","legal opinions","security certification reports"],"blocker":"Fresh human AAL2 operator run and retained no-secret protected packet hash required.","nextAction":"Retain no-secret outcome metadata and immediately rotate or clear temporary token material.","safetyBoundary":"Strict durable-store evidence may retain only no-secret status, command name, workspace slug, role class, audit metadata, and packet hashes after a human AAL2 run."},{"id":"promotion-strict-stored-vector-rpc-smoke","sourceEntryId":"strict-stored-vector-rpc-smoke","label":"Strict stored-vector RPC smoke","lane":"protected-operator-proof-required","status":"blocked-until-retained-aal2-proof","sourceEvidenceHash":"release-evidence-07b73b12","targetPacket":"protected retained AAL2 operator proof packet","targetRoute":"/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets","allowedAudience":["internal release operators","approved AAL2 reviewers"],"requiredApprovals":["approved tenant-admin/pilot-lead/reviewer AAL2 operator","release steward"],"shareableFields":["entry id","label","command name","status","evidence type","source surface","artifact route","deterministic evidence hash","safe use cases","blocked claims","human-review requirement","replay instruction","next action"],"withheldMaterial":["bearer tokens","JWTs","refresh tokens","Supabase keys","service-role keys","passwords","PHI","patient identifiers","raw logs","customer data","production connector payloads","clinical conclusions","legal opinions","security certification reports"],"blocker":"Fresh human AAL2 operator run and retained no-secret protected packet hash required.","nextAction":"Retain only no-secret success/failure metadata and protected route references.","safetyBoundary":"Stored-vector strict evidence must not expose raw embeddings, token material, PHI, production patient matching, or customer data."},{"id":"promotion-qualified-external-approval-review","sourceEntryId":"qualified-external-approval-review","label":"Qualified external approval review","lane":"qualified-external-review-required","status":"blocked-until-qualified-review","sourceEvidenceHash":"release-evidence-c9d0e8a6","targetPacket":"qualified external approval evidence packet","targetRoute":"/api/pilot-workspaces/{workspaceSlug}/external-approval-evidence","allowedAudience":["founder","qualified legal/security/clinical/reimbursement/regulatory reviewers"],"requiredApprovals":["legal reviewer","privacy/security reviewer","clinical/regulatory reviewer","buyer authorization owner"],"shareableFields":["entry id","label","command name","status","evidence type","source surface","artifact route","deterministic evidence hash","safe use cases","blocked claims","human-review requirement","replay instruction","next action"],"withheldMaterial":["bearer tokens","JWTs","refresh tokens","Supabase keys","service-role keys","passwords","PHI","patient identifiers","raw logs","customer data","production connector payloads","clinical conclusions","legal opinions","security certification reports"],"blocker":"Qualified external approval evidence and reviewer signoff required.","nextAction":"Do not promote PHI, live-care, certification, connector, or customer go-live claims from this ledger.","safetyBoundary":"External approval evidence must be retained outside public source until qualified legal, privacy, security, clinical, buyer, or certification-body review authorizes use."}],"promotionRules":["Passed no-secret ledger entries may be attached to buyer diligence as metadata-only candidates.","Operator-required entries remain blocked until a fresh human AAL2 run produces retained no-secret protected packet metadata.","External-review entries remain blocked until qualified legal, privacy, security, clinical, buyer, regulatory, or certification-body review exists.","Promotion may include command names, statuses, routes, evidence hashes, safe-use labels, and next actions only.","Promotion must withhold bearer tokens, JWTs, Supabase keys, service-role keys, PHI, raw logs, customer data, production connector payloads, clinical conclusions, certification proof, and public release approval."],"blockedClaims":["release evidence promotion is production approval","public distribution approved","strict AAL2 proof retained without a protected packet hash","PHI processing authorized","live clinical care authorized","security or compliance certified","production connector approved","customer go-live approved"],"boundary":"SCRIMED Release Evidence Promotion Queue converts no-secret release ledger entries into buyer-diligence candidates, protected operator proof blockers, and qualified-review requirements. It does not store PHI, tokens, raw logs, customer data, production connector payloads, certification evidence, public release approval, or live clinical authority."}